Zero Trust Push for Insurers

Security leaders are urging insurers to adopt Zero Trust architectures by 2025, stressing continuous verification across hybrid environments to defend against AI‑weaponized attacks and nation‑state threats. That shift affects SIU and claims workflows that must protect sensitive PII and model telemetry at every touchpoint. (blog.madrigan.com)

A Marsh McLennan analysis highlighted in Zscaler’s June 2025 report estimated Zero Trust could have reduced cyber losses by up to 31%, a figure Zscaler translated into as much as $465 billion in avoidable annual global economic loss. (zscaler.com) An industry survey published by CIO reported 96% of organizations favor Zero Trust, 65% planned to replace VPNs, and 81% intended to implement Zero Trust strategies within a 12‑month horizon. (cio.com)

The NAIC’s Insurance Data Security Model Law (Model #668) requires licensed insurers to implement an information security program and incident response procedures, creating explicit regulatory expectations for carrier security controls. (content.naic.org) At least 26 U.S. states have enacted insurance data security statutes or adaptations of the NAIC model, and in 2025 the NAIC converted its Third‑Party Data and Models task force into a standing working group to oversee vendor/model risk. (jdsupra.com) The NAIC Model Bulletin on AI calls for documented verification, testing and governance of insurer AI systems while industry research shows more than 70% of U.S. insurers are using or planning to use AI/ML across underwriting and claims. (content.naic.org)

Academic and industry research into ML threats lists model inversion, membership‑inference and data‑poisoning risks for deployed models, while telemetry best‑practice guides recommend encrypting, governing and tracing telemetry from collectors through model pipelines to preserve PII and audit trails. (link.springer.com)

Security vendors and consultancies are packaging insurer‑focused offerings: Zscaler with Risk360 and Zero Trust research, Microsoft with Azure architecture guidance for AI‑enabled claims, Orca and other cloud‑security firms promoting secure model/telemetry integrations, and Deloitte documenting Zero Trust landing‑zone projects for insurers. (zscaler.com)

Zero‑trust and AI governance conversations are now fixtures at industry forums: ITC Vegas (InsurTech Connect) draws 10,000+ attendees and features sessions on generative AI and security, the NAIC H Committee continues monthly cybersecurity and Big Data/AI working group meetings, and trade outlets like Insurance Journal regularly cover cyber insurance and AI risk. (insurtechny.com)
